:Actually snprintf and some other functions in the same league have a :fundamentally wrong return type. They should return size_t or ssize_t, :because sizeof(size_t) >= sizeof(int) and the number of bytes actually :writeable e.g. to a string is limited by (s)size_t. Yes, I consider this :a flaw in the standard. : I think snprintf got it right, and things like read() and write() got it wrong. Just because you have a 64 bit address space doesn't mean that it makes sense to support it for everything, much less a string operation that 99.99999999999999% of the uses in code use values far less then 2^31. 'int' is a lot easier to understand both for sizeof() and as the return value to a read or write, and having sizeof() return unsigned has tripped me up more times then I can count because 99% of the time I am comparing it against int's, not unsigned ints. Plus I use negative numbers all the time to mean special things, and size_t screws that all up to the point where it is a royal pain in the ass. Just because sizeof() can only return an unsigned value doesn't mean that it should be typed that way. It becomes absurd after a while but that hasn't stopped the standards folks from doing it anyway. -Matt Matthew Dillon <dillon@backplane.com> :... : if (read(0, buf, sizeof(buf)) != sizeof(buf)) { : ... : } :generates a warning, because to allow error validation read returns :a signed size_t, but sizeof is unsigned. : :To summarize this whole discussion, it can't be avoided to add casts, :but it is important to understand when casts are necessary and how :to correctly cast. For example, it is better to cast the sizeof(buf) :to ssize_t in the example above, because _we_ know that there won't be :any problem. It would be nice if GCC could automatically stop printing :warnings if a fixed integer can be representated as both or an unsigned :integer of a smaller type is compared to a greater signed type. The first :can be savely promoted to signed and the latter as well. : :Joerg